Termux-packages: Signatures not verified because public key unavailable.
Problem description
Steps to reproduce
$ pkg up
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Err:1 https://its-pointless.github.io/files/24 termux InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8CCF71B217185E35
Ign:3 https://dl.bintray.com/grimler/game-packages-24 games InRelease
Ign:4 https://dl.bintray.com/grimler/termux-root-packages-24 root InRelease
Ign:5 https://dl.bintray.com/grimler/science-packages-24 science InRelease
Ign:6 https://dl.bintray.com/xeffyr/x11-packages x11 InRelease
Ign:2 https://dl.bintray.com/termux/termux-packages-24 stable InRelease
Get:8 https://dl.bintray.com/grimler/game-packages-24 games Release [5344 B]
Hit:8 https://dl.bintray.com/grimler/game-packages-24 games Release
Get:10 https://dl.bintray.com/grimler/termux-root-packages-24 root Release [6185 B]
Hit:10 https://dl.bintray.com/grimler/termux-root-packages-24 root Release
Get:12 https://dl.bintray.com/grimler/science-packages-24 science Release [5348 B]
Hit:12 https://dl.bintray.com/grimler/science-packages-24 science Release
Get:14 https://dl.bintray.com/xeffyr/x11-packages x11 Release [6055 B]
Hit:14 https://dl.bintray.com/xeffyr/x11-packages x11 Release
Get:7 https://dl.bintray.com/termux/termux-packages-24 stable Release [6061 B]
Hit:7 https://dl.bintray.com/termux/termux-packages-24 stable Release
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://its-pointless.github.io/files/24 termux InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8CCF71B217185E35
W: Failed to fetch https://its-pointless.github.io/files/24/dists/termux/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8CCF71B217185E35
W: Some index files failed to download. They have been ignored, or old ones used instead.
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Expected behavior
No public key error must occur.
Additional information
$ termux-info
Packages CPU architecture:
aarch64
Subscribed repositories:
# sources.list
deb https://termux.org/packages/ stable main
# science-repo (sources.list.d/science.list)
deb https://dl.bintray.com/grimler/science-packages-24 science stable
# game-repo (sources.list.d/game.list)
deb https://dl.bintray.com/grimler/game-packages-24 games stable
# sources.list.d/pointless.list
deb https://its-pointless.github.io/files/24 termux extras
# root-repo (sources.list.d/root.list)
deb https://dl.bintray.com/grimler/termux-root-packages-24 root stable
# sources.list.d/pointless.bak
deb https://its-pointless.github.io/files/ termux extras
# x11-repo (sources.list.d/x11.list)
deb https://dl.bintray.com/xeffyr/x11-packages x11 main
Updatable packages:
All packages up to date
Android version:
7.1.2
Kernel build information:
Linux localhost 3.18.31-perf-g89c85bf #1 SMP PREEMPT Tue Oct 22 13:55:14 WIB 2019 aarch64 Android
Device manufacturer:
Xiaomi
Device model:
Redmi Y1
Fernal73
All 7 comments
Its-pointless key expired yesterday, but a renewed is available at https://raw.githubusercontent.com/its-pointless/its-pointless.github.io/master/pointless.gpg, so you need to run:
wget https://raw.githubusercontent.com/its-pointless/its-pointless.github.io/master/pointless.gpg
apt-key del 906F5AFA9A32C72D
apt-key add pointless.gpg
Grimler91
on 14 Mar 2020
Is there a script to do this pre-existing? If this is a recurring occurrence, shouldn't this be part of the pkg command or at least pointed to in some way? Help, perhaps? Thanks.
Fernal73
on 14 Mar 2020
shouldn't this be part of the pkg command
No. PGP key management should never be part of package management.
at least pointed to in some way
Key installation already part of https://its-pointless.github.io/setup-pointless-repo.sh. But as stated above, expired key should be renewed by manual operation.
xeffyr
on 14 Mar 2020
I agree it can't be part of package management.
But since it's a recurring task (keys expire periodically), shouldn't there
be some utility scripts provided for these maintenance tasks?
A separate package, perhaps?
Fernal73
on 14 Mar 2020
There no such tools for that. On typical distribution PGP keys are updated with keyring package before they are expired.
Expired keys disable package management for security reasons and in this case key should be updated manually.
Repository https://its-pointless.github.io/files/ does not manage keys in such way. It also not official so its key is can't be part of our keyring.
xeffyr
on 14 Mar 2020
Fine. I guess this leaves it to the individual to maintain any such
scripts.
I was thinking more on the lines of a custom package for Termux or a bunch of scripts for maintenance to be provided to users.
This may be more trouble than it's worth since you're expecting users to be well-versed in Unix commands and key maintenance and renewal.
Fernal73
on 14 Mar 2020
It's also possible to keep a small script to reinstall pointless repo whenever it expires again, e.g.:
#!/bin/sh
curl -L https://its-pointless.github.io/setup-pointless-repo.sh | bash
(Running the old setup-pointless-repo.sh didn't help me, so re-downloading it here.)
evg-zhabotinsky
on 28 Mar 2020
Related issues
zejji
路
4Comments
neitsab
路
3Comments
adit
路
3Comments
Wetitpig
路
3Comments
ILadis
路
3Comments
Most helpful comment
Its-pointless key expired yesterday, but a renewed is available at
https://raw.githubusercontent.com/its-pointless/its-pointless.github.io/master/pointless.gpg, so you need to run: